P
US12093685B2ActiveUtilityPatentIndex 59

Representing source code as implicit configuration items

Assignee: SERVICENOW INCPriority: Aug 12, 2020Filed: Feb 3, 2022Granted: Sep 17, 2024
Est. expiryAug 12, 2040(~14.1 yrs left)· nominal 20-yr term from priority
Inventors:TAMIR GIORAZETTEL KURTBOJJA NAVEENWAPLINGTON BRIAN JAMESSHAH MAULIKBROTHERTON THOMAS
G06F 21/577G06F 8/60G06F 2221/033G06F 8/71G06F 21/51
59
PatentIndex Score
0
Cited by
166
References
20
Claims

Abstract

Persistent storage may contain: (i) an explicit configuration item table with entries of explicit configuration items representing hardware devices and executable software applications deployed on the hardware devices, (ii) an implicit configuration item table with entries of implicit configuration items representing units of source code, wherein at least some of the executable software applications are compiled versions of the units of source code, and (iii) an implicit relationship table associating pairs of the configuration items. One or more processors may be configured to receive information related to a particular unit of source code; write, to the implicit configuration item table, at least some of the information as an implicit configuration item; determine that the implicit configuration item has one or more identifying attributes in common with an explicit configuration item; and write, to the implicit relationship table, a new entry associating the implicit configuration item and the explicit configuration item.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A system comprising:
 persistent storage containing an implicit configuration item table and an implicit relationship table, wherein the implicit configuration item table contains entries of implicit configuration items, wherein each implicit configuration item corresponds to one or more units of source code stored within a source code repository accessible to a managed network, and wherein the implicit relationship table associates each of the implicit configuration items with executable software applications deployed on hardware devices associated with the managed network; and 
 one or more processors configured to: 
 receive vulnerability information related to a unit of source code implemented as part of the managed network; 
 write, to the implicit configuration item table, at least some of the vulnerability information as part of an implicit configuration item; 
 determine that the implicit configuration item has at least one identifying attribute in common with an executable software application deployed on a hardware device associated with the managed network; 
 identify, by a vulnerability response application, a security-flag based on the executable software application corresponding to the implicit configuration item; 
 write, to the implicit relationship table, a new security entry associating the implicit configuration item and the executable software application; 
 determine, by the vulnerability response application, a risk associated with the new security entry, wherein the risk relates to the vulnerability information of the unit of source code; and 
 generate, by a development operations application, a change request with a priority reflective of the risk, wherein the change request describes the vulnerability information of the unit of source code. 
 
     
     
       2. The system of  claim 1 , wherein an explicit configuration item represents a compiled or executable version of the unit of source code, wherein the unit of source code and the compiled or executable version of the unit of source code are both disposed upon one or more of the hardware devices, and wherein the implicit relationship table associates the implicit configuration item and the explicit configuration item. 
     
     
       3. The system of  claim 1 , wherein an explicit configuration item represents a compiled or executable version of the unit of source code that is disposed upon a public cloud network, and wherein the implicit relationship table associates the implicit configuration item and the explicit configuration item. 
     
     
       4. The system of  claim 1 , wherein a plurality of explicit configuration items represent compiled or executable versions of the unit of source code, and wherein writing the new security entry associating the implicit configuration item and the executable software application comprises writing, to the implicit relationship table, new entries respectively associating the implicit configuration item with each of the plurality of explicit configuration items. 
     
     
       5. The system of  claim 1 , wherein the one or more processors are further configured to:
 receive second information related to a second unit of source code; 
 write, to the implicit configuration item table, at least some of the second information as a second implicit configuration item; 
 determine that the second implicit configuration item has one or more further identifying attributes in common with the executable software application; and 
 write, to the implicit relationship table, a second new security entry associating the second implicit configuration item and the executable software application. 
 
     
     
       6. The system of  claim 1 , wherein the persistent storage also contains an application-specific table dedicated to a software application, wherein the software application is configured to write the vulnerability information to the application-specific table, and wherein writing, to the implicit configuration item table, at least some of the vulnerability information as part of the implicit configuration item comprises copying selected parts of the vulnerability information from the application-specific table to the implicit configuration item table. 
     
     
       7. The system of  claim 1 , wherein the persistent storage also contains an application-specific table dedicated to a software application, and wherein the software application is configured to:
 traverse the implicit relationship table until the new security entry is found; 
 locate, using the new security entry, the implicit configuration item in the implicit configuration item table; and 
 copy at least some attributes of the implicit configuration item to the application-specific table. 
 
     
     
       8. The system of  claim 7 , wherein the software application is the development operations application, and wherein copying at least some attributes of the implicit configuration item to the application-specific table comprises automatically generating a change request based on attributes of the implicit configuration item. 
     
     
       9. The system of  claim 7 , wherein an explicit configuration item represents a compiled or executable version of the unit of source code, wherein the software application is an application portfolio management application, wherein copying at least some attributes of the implicit configuration item to the application-specific table comprises updating a representation of functionality provided by the compiled or executable version of the unit of source code, and wherein the implicit relationship table associates the implicit configuration item and the explicit configuration item. 
     
     
       10. The system of  claim 1 , wherein the vulnerability information is received from a software application, wherein the software application is the vulnerability response application, wherein the vulnerability information is a vulnerability assessment of the unit of source code, wherein the new security entry indicates that the vulnerability assessment applies to the executable software applications represented by an explicit configuration item, and wherein the implicit relationship table associates the implicit configuration item and the explicit configuration item. 
     
     
       11. The system of  claim 1 , wherein the vulnerability information includes the at least one identifying attributes. 
     
     
       12. The system of  claim 1 , wherein the at least one identifying attributes includes one or more of an application name, an application version number, or an application identifier. 
     
     
       13. A computer-implemented method comprising:
 receiving vulnerability information related to a unit of source code implemented as part of a managed network, wherein persistent storage contains an implicit configuration item table and an implicit relationship table, wherein the implicit configuration item table contains entries of implicit configuration items, wherein each implicit configuration item corresponds to one or more units of source code stored within a source code repository accessible to the managed network, and wherein the implicit relationship table associates each of the implicit configuration items with executable software applications deployed on hardware devices associated with the managed network; 
 writing, to the implicit configuration item table, at least some of the vulnerability information as part of an implicit configuration item; 
 determining that the implicit configuration item has at least one identifying attribute in common with an executable software application deployed on a hardware device associated with the managed network; 
 identifying, by a vulnerability response application, a security flag based on the executable software application corresponding to the implicit configuration item; 
 writing, to the implicit relationship table, a new security entry associating the implicit configuration item and the executable software application; 
 determining, by the vulnerability response application, a risk associated with the new security entry, wherein the risk relates to the vulnerability information of the unit of source code; and 
 generating, by a development operations application, a change request with a priority reflective of the risk, wherein the change request describes the vulnerability information of the unit of source code. 
 
     
     
       14. The computer-implemented method of  claim 13 , wherein an explicit configuration item represents a compiled or executable version of the unit of source code, wherein the unit of source code and the compiled or executable version of the unit of source code are both disposed upon one or more of the hardware devices, and wherein the implicit relationship table associates the implicit configuration item and the explicit configuration item. 
     
     
       15. The computer-implemented method of  claim 13 , wherein an explicit configuration item represents a compiled or executable version of the unit of source code that is disposed upon a public cloud network, and wherein the implicit relationship table associates the implicit configuration item and the explicit configuration item. 
     
     
       16. The computer-implemented method of  claim 13 , wherein a plurality of explicit configuration items represent compiled or executable versions of the unit of source code, and wherein writing the new security entry associating the implicit configuration item and the executable software application comprises writing, to the implicit relationship table, new entries respectively associating the implicit configuration item with each of the plurality of explicit configuration items. 
     
     
       17. The computer-implemented method of  claim 13 , further comprising:
 receiving second information related to a second particular unit of source code; 
 writing, to the implicit configuration item table, at least some of the second information as a second implicit configuration item; 
 determining that the second implicit configuration item has one or more further identifying attributes in common with the executable software application; and 
 writing, to the implicit relationship table, a second new security entry associating the second implicit configuration item and the executable software application. 
 
     
     
       18. The computer-implemented method of  claim 13 , wherein the persistent storage also contains an application-specific table dedicated to a software application, wherein the software application is configured to write the vulnerability information to the application-specific table, and wherein writing, to the implicit configuration item table, at least some of the vulnerability information as part of the implicit configuration item comprises copying selected parts of the vulnerability information from the application-specific table to the implicit configuration item table. 
     
     
       19. The computer-implemented method of  claim 13 , wherein the persistent storage also contains an application-specific table dedicated to a software application, and wherein the software application is configured to:
 traverse the implicit relationship table until the new security entry is found; 
 locate, using the new security entry, the implicit configuration item in the implicit configuration item table; and 
 copy at least some attributes of the implicit configuration item to the application-specific table. 
 
     
     
       20. An article of manufacture including a non-transitory computer-readable medium, having stored thereon program instructions that, upon execution by a computing system, cause the computing system to perform operations comprising:
 receiving vulnerability information related to a unit of source code implemented as part of a managed network, wherein persistent storage contains an implicit configuration item table and an implicit relationship table, wherein the implicit configuration item table contains entries of implicit configuration items, wherein each implicit configuration item corresponds to one or more units of source code stored within a source code repository accessible to the managed network, and wherein the implicit relationship table associates each of the implicit configuration items with executable software applications deployed on hardware devices associated with the managed network; 
 writing, to the implicit configuration item table, at least some of the vulnerability information as part of an implicit configuration item; 
 determining that the implicit configuration item has at least one identifying attribute in common with an executable software application deployed on a hardware device associated with the managed network; 
 identifying, by a vulnerability response application, a security flag based on the executable software application corresponding to the implicit configuration item; 
 writing, to the implicit relationship table, a new security entry associating the implicit configuration item and the executable software application; 
 determining, by the vulnerability response application, a risk associated with the new security entry, wherein the risk relates to the vulnerability information of the unit of source code; and 
 generating, by a development operations application, a change request with a priority reflective of determined risk, wherein the change request describes the vulnerability information of the unit of source code.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.